New Intel instructions + algorithms = https://everywhere

At Fall IDF 2008, Intel presented solutions toward realizing a vision that can accelerate secure Internet transactions by orders of magnitude. Our vision was of a world where the internet is entirely secure and attackers have no place to hide. A major step toward realizing this vision of world-wide security is making sure that all the traffic exchanged between servers and clients is encrypted. This is very difficult technical challenge since networking speeds are excessively high (10-100 Gbps), whereas cryptographic algorithms consume millions of processor cycles to execute. Since IDF, we have also worked on designing new cryptographic algorithms that can potentially offer new security/performance tradeoffs and be essential components of future computing platforms and networks. In this blog we summarize our past as well as recent accomplishments.

First, the latest Intel® Core™ micro-architecture (Nehalem) re-introduces the feature of Simultaneous Multi-threading Technology, SMT into the CPU. SMT is ideal for hiding the cycles of compute-intensive public key encryption software under the stall times of network application memory lookups. Following Nehalem, Westmere adds new instructions for potentially speeding up symmetric encryption by a factor of 3-4X. These instructions not only provide better performance but also protect applications against an importance type of threats known as side channel attacks. Third, Intel® has developed superior Integer arithmetic software that can speed key exchange and establishment procedures by a factor of 2X.

Last, we have developed a new cryptographic hash function called Vortex that can be implemented using our new processor instructions. Vortex is one of the fastest collision resistant hashes known to us when implemented on Intel processors. A main strength of the Vortex design is that this hash function can achieve a potential performance of much less than 7 cycles per byte using the AES round and carry-less multiply instructions announced for future Intel processors. The Vortex family produces message digests of 224, 256, 384 and 512 bits. The main idea behind Vortex is to use well known algorithms with very fast diffusion in a small number of steps. These algorithms also balance the cryptographic strength that comes from iterating block cipher rounds with S-box substitution and diffusion against the need to have a lightweight implementation with as small a number of rounds as possible.